The HIPAA Security Risk Assessment Analysis

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) set mandatory standards with which health care facilities must comply. Among them are security risk assessment procedures designed to identify and record "potential risks and vulnerabilities to the confidentiality, integrity or availability of electronic protected health information." Compliance involves analyzing existing measures and taking steps to minimize those risks.
    Location

    • HIPAA security risk analysis begins with identifying what information is to be protected. Personnel locate this information and use the location as a basis for protection methods to establish administrative, technical and physical safeguards.

    Analysis Steps

    • The steps in the analysis process call for record keepers to inventory and classify assets, document likely threats to each asset, perform a vulnerability assessment and evaluate current safeguards. Personnel are then expected to document risks, recommend appropriate safeguards and create a report of results.

    Testing

    • Some of the testing included in the HIPAA security risk assessment analysis relates to external penetration, while other testing focuses on network vulnerability and wireless/remote access assessment.
